diff --git a/config-backup-managebackups.php b/config-backup-managebackups.php
index 7113ffd59..39edb5145 100644
--- a/config-backup-managebackups.php
+++ b/config-backup-managebackups.php
@@ -36,7 +36,29 @@ include("library/layout.php");
 include_once("include/management/functions.php");
- $file = (array_key_exists('file', $_POST) && isset($_POST['file'])) ? $_POST['file'] : "";
+ // validate path
+ $backup_path_prefix = $configValues['CONFIG_PATH_DALO_VARIABLE_DATA'] . "/backup";
+ $backup_file_suffix = ".sql";
+
+ $file = "";
+ if (array_key_exists('file', $_POST) && !empty(trim($_POST['file']))) {
+ $candidate_backup_file = trim($_POST['file']);
+
+ if (
+ // this ensures that candidate_backup_file does not contain any ".." sequence
+ strpos($candidate_backup_file, "..") === false &&
+
+ // this ensures that candidate_backup_file does not contain any "/" char
+ strpos($candidate_backup_file, "/") === false &&
+
+ // this ensures that candidate_backup_file ends with the backup_file_suffix
+ substr($candidate_backup_file, -strlen($backup_file_suffix)) === $backup_file_suffix
+ ) {
+
+ $file = $candidate_backup_file;
+ }
+
+ }
 $backupAction = (array_key_exists('action', $_POST) && isset($_POST['action']) && in_array($_POST['action'], array_keys($valid_backupActions))) ? $_POST['action'] : "";
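Review bot: `trim($_POST['file'])` runs before the value is known to be a string, so a request carrying `file[]=x` makes PHP 8 throw a TypeError out of the outer `if` instead of falling through to the empty `$file`; add `is_string($_POST['file']) &&` ahead of the `!empty(trim(...))` test. The inner checks are a denylist (`..`, `/`) plus a suffix test, which still admits backslashes, NUL bytes and control characters and accepts a bare `.sql` as a name; a positive allowlist such as `preg_match('/^[A-Za-z0-9_.-]+$/', $candidate_backup_file) === 1 &&` added to the condition closes those gaps, and the existing `..` check should stay because the allowlist alone permits consecutive dots. Whether the later filesystem checks would catch any of these cannot be confirmed from this hunk alone.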
@@ -63,15 +85,14 @@
 ? strtolower($_GET['orderType']) : "asc";
 // init backup paths
- $filePath = $configValues['CONFIG_PATH_DALO_VARIABLE_DATA'] . "/backup";
- $fileName = sprintf("%s/%s", $filePath, $file);
+ $fileName = sprintf("%s/%s", $backup_path_prefix, $file);
 $baseFile = basename($fileName);
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
 if (array_key_exists('csrf_token', $_POST) && isset($_POST['csrf_token']) && dalo_check_csrf_token($_POST['csrf_token'])) {
- if (!empty($file) && !empty($backupAction) && is_dir($filePath) && is_readable($fileName)) {
+ if (!empty($file) && !empty($backupAction) && is_dir($backup_path_prefix) && is_readable($fileName)) {
 $fileContents = file_get_contents($fileName);
 $fileLen = strlen($fileContents);
@@ -163,6 +184,9 @@ $logAction .= "$failureMsg on page: ";
 }
+ } else {
+ $failureMsg = sprintf("The requested action cannot be performed");
+ $logAction .= "$failureMsg on page: ";
 }
@@ -191,29 +215,29 @@
 // get backup info
 $backupInfo = array();
- if (is_dir($filePath)) {
- $files = scandir($filePath);
+ if (is_dir($backup_path_prefix)) {
+ $files = scandir($backup_path_prefix);
 if ($orderType == "desc") {
 rsort($files);
 }
 $skipList = array( ".", "..", ".svn", ".git" );
- foreach ($files as $file) {
+ foreach ($files as $this_file) {
- if (in_array($file, $skipList)) {
+ if (in_array($this_file, $skipList)) {
 continue;
 }
- list($junk, $date, $time) = explode("-", $file);
+ list($junk, $date, $time) = explode("-", $this_file);
 $fileDate = substr($date, 0, 4) . "-" . substr($date, 4, 2) . "-" . substr($date, 6, 2);
 $fileTime = substr($time, 0, 2) . ":" . substr($time, 2, 2) . ":" . substr($time, 4, 2);
- $fileSize = filesize($filePath."/".$file);
+ $fileSize = filesize(sprintf("%s/%s", $backup_path_prefix, $this_file));
 $backupInfo[] = array(
 sprintf("%s, %s", $fileDate, $fileTime),
- $file,
+ $this_file,
 toxbyte($fileSize),
 );
diff --git a/config-logging.php b/config-logging.php
index df94868e6..241acb2a5 100644
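Review bot: `is_readable($fileName)` is the only gate before `file_get_contents($fileName)`, and it is satisfied by a readable directory or by a symlink in the backup directory that points elsewhere; use `is_file($fileName) && is_readable($fileName)` and, as a second check, confirm `realpath($fileName)` starts with `realpath($backup_path_prefix) . '/'` so the validated name cannot resolve outside the backup tree. `file_get_contents()` can still return `false`, which the unchanged `strlen($fileContents)` on the next line then receives; testing for `false` before computing `$fileLen` avoids acting on a failed read. The `if ($_SERVER['REQUEST_METHOD'] === 'POST')` block opened in this hunk closes outside it.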
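Review bot: The new `else` branch logs the same generic message whether the validation at the top of the file emptied `$file` or `$backupAction` was missing, so a rejected path-traversal attempt is indistinguishable in the log from an ordinary bad request; recording a distinct message when `$file === ''` while `$_POST['file']` was non-empty gives the audit trail something to alert on, provided the rejected value itself is not echoed unescaped. `sprintf()` with no format arguments adds nothing here; `$failureMsg = "The requested action cannot be performed";` is equivalent. Which `if` this `else` attaches to is not visible, as its opening lies outside the hunk.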
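Review bot: The listing loop only skips `.`, `..`, `.svn` and `.git`, then runs `list($junk, $date, $time) = explode("-", $this_file)`, so any other entry in the backup directory without two `-` separators raises undefined-array-key warnings, and entries not ending in `.sql` are shown even though the POST path now rejects them; filtering with the same suffix used for validation, `if (in_array($this_file, $skipList) || substr($this_file, -strlen($backup_file_suffix)) !== $backup_file_suffix) { continue; }`, keeps the table to names the action handler will accept. `$backup_file_suffix` is assigned at the top of the script in the first hunk, so it should be in scope here if both run at the same top level. The `if (is_dir($backup_path_prefix))` block opened here closes outside the hunk.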
--- a/config-logging.php
+++ b/config-logging.php
@@ -71,7 +71,7 @@
 // this ensures that candidate_log_file starts with the log_path_prefix
 substr($candidate_log_file, 0, strlen($log_path_prefix)) === $log_path_prefix &&
- // this ensures that candidate_log_file does not contain ".."
+ // this ensures that candidate_backup_file does not contain any ".." sequence
 strpos($candidate_log_file, "..") === false &&
 // this ensures that candidate_log_file ends with the log_file_suffix
diff --git a/config-mail.php b/config-mail.php
index f6f06b210..3fe608452 100644
--- a/config-mail.php
+++ b/config-mail.php
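Review bot: The rewritten comment names `candidate_backup_file`, but the variable tested on the following line in this file is `$candidate_log_file`; the comment looks copied from config-backup-managebackups.php and should read `// this ensures that candidate_log_file does not contain any ".." sequence`. The `if` condition these lines belong to starts and ends outside the hunk.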
@@ -25,28 +25,80 @@ $operator = $_SESSION['operator_user'];
 include('library/check_operator_perm.php');
- include_once('library/config_read.php');
+
+ // init logging variables
 $log = "visited page: ";
-
+ $logAction = "";
+ $logDebugSQL = "";
+
 include_once("lang/main.php");
+ include("library/validation.php");
+ include("library/layout.php");
- if (isset($_REQUEST['submit'])) {
+ $param_label = array(
+ 'CONFIG_MAIL_SMTPADDR' => t('all','SMTPServerAddress'),
+ 'CONFIG_MAIL_SMTPPORT' => t('all','SMTPServerPort'),
+ 'CONFIG_MAIL_SMTPFROM' => t('all','SMTPServerFromEmail'),
+ );
- if (isset($_REQUEST['config_mail_smtpaddr']))
- $configValues['CONFIG_MAIL_SMTPADDR'] = $_REQUEST['config_mail_smtpaddr'];
-
- if (isset($_REQUEST['config_mail_smtpport']))
- $configValues['CONFIG_MAIL_SMTPPORT'] = $_REQUEST['config_mail_smtpport'];
-
- if (isset($_REQUEST['config_mail_smtp_fromemail']))
- $configValues['CONFIG_MAIL_SMTPFROM'] = $_REQUEST['config_mail_smtp_fromemail'];
-
- include ("library/config_write.php");
- }
+ $invalid_input = array();
- include("library/layout.php");
+ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+ if (array_key_exists('csrf_token', $_POST) && isset($_POST['csrf_token']) && dalo_check_csrf_token($_POST['csrf_token'])) {
+
+ // validate email
+ if (
+ array_key_exists('CONFIG_MAIL_SMTPFROM', $_POST) &&
+ !empty(trim($_POST['CONFIG_MAIL_SMTPFROM'])) &&
+ filter_var(trim($_POST['CONFIG_MAIL_SMTPFROM']), FILTER_VALIDATE_EMAIL)
+ ) {
+ $configValues['CONFIG_MAIL_SMTPFROM'] = trim($_POST['CONFIG_MAIL_SMTPFROM']);
+ } else {
+ $invalid_input['CONFIG_MAIL_SMTPFROM'] = $param_label['CONFIG_MAIL_SMTPFROM'];
+ }
+
+ // validate port
+ if (
+ array_key_exists('CONFIG_MAIL_SMTPPORT', $_POST) &&
+ !empty(trim($_POST['CONFIG_MAIL_SMTPPORT'])) &&
+ intval(trim($_POST['CONFIG_MAIL_SMTPPORT'])) >= 0 &&
+ intval(trim($_POST['CONFIG_MAIL_SMTPPORT'])) <= 65535
+ ) {
+ $configValues['CONFIG_MAIL_SMTPPORT'] = intval(trim($_POST['CONFIG_MAIL_SMTPPORT']));
+ } else {
+
$invalid_input['CONFIG_MAIL_SMTPPORT'] = $param_label['CONFIG_MAIL_SMTPPORT'];
+ }
+
+ // validate ip address/hostname
+ if (
+ array_key_exists('CONFIG_MAIL_SMTPADDR', $_POST) &&
+ !empty(trim($_POST['CONFIG_MAIL_SMTPADDR'])) &&
+ (
+ preg_match(HOSTNAME_REGEX, trim($_POST['CONFIG_MAIL_SMTPADDR'])) ||
+ preg_match(IP_REGEX, trim($_POST['CONFIG_MAIL_SMTPADDR']))
+ )
+ ) {
+ $configValues['CONFIG_MAIL_SMTPADDR'] = trim($_POST['CONFIG_MAIL_SMTPADDR']);
+ } else {
+ $invalid_input['CONFIG_MAIL_SMTPADDR'] = $param_label['CONFIG_MAIL_SMTPADDR'];
+ }
+
+ if (count($invalid_input) > 0) {
+ $failureMsg = sprintf("Invalid input: [%s]", implode(", ", array_values($invalid_input)));
+ $logAction .= "$failureMsg on page: ";
+ } else {
+ include("library/config_write.php");
+ }
+
+ } else {
+ // csrf
+ $failureMsg = "CSRF token error";
+ $logAction .= "$failureMsg on page: ";
+ }
+ }
+
 // print HTML prologue
 $title = t('Intro','configmail.php');
 $help = t('helpPage','configmail');
@@ -60,50 +112,66 @@ include_once('include/management/actionMessages.php');
-?>
-
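Review bot: The port validation accepts any non-empty string, because `intval()` maps `"smtp"` to `0` and `"25abc"` to `25`, both inside the `>= 0 && <= 65535` range, and port 0 is itself not a usable SMTP port. Replace the two `intval(trim(...))` range tests with `filter_var(trim($_POST['CONFIG_MAIL_SMTPPORT']), FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 65535]]) !== false` and assign that validated integer to `$configValues['CONFIG_MAIL_SMTPPORT']`. All three fields call `trim()` before any `is_string()` check, so a value posted as an array (`CONFIG_MAIL_SMTPFROM[]=x`) raises a TypeError in PHP 8 rather than landing in `$invalid_input`. `HOSTNAME_REGEX` and `IP_REGEX` come from library/validation.php, which is outside this diff, so whether they are anchored cannot be confirmed here.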
- - - - - - + + print_footer_and_html_epilogue(); -